Cisco deals blow to prominent malware provider

Cisco’s Talos unit is saying that it has shut down a serious provider of ransomware. Here’s how. 

According to Talos, the group of hackers responsible for the Angler Exploit Kit may have been able to net $60 million a year from its operations. This kit contains all kinds of nasty stuff, from ransomware to 0-days to exploits that target unpatched systems.

The kit is remarkably easy to use, and it has a solid reputation for hitting users hard – an estimated 40% of attacks are successful, according to Ars Technica. That’s significant, given the malware targets 90,000 users daily.

And the records show it’s brought in at least $30 million from its ransomware operations alone – this despite only three percent of infected users actually paying the $300 ransom.

How it went down

Cisco was able to discover that almost half of the Angler activity was on Limestone Networks servers. Using that information, it:

  • shut down access to affected servers
  • published indicators of compromise (IOCs) so other researchers can analyze their own networks for compromises, and
  • contacted affected hosting providers to shut down malicious servers.

A serious problem

Malware for sale is a serious issue that affects many users. Attackers no longer have to develop their own malware: these exploit kits offer them one-stop shopping.

One crucial way to stay safe is to make sure you’re on top of patching vulnerable systems and servers.

It’s not foolproof, but it is perhaps the best way to keep compromises from affecting your systems.
